Wireshark-users: Re: [Wireshark-users] saving decoded ssl packets back to libpcap format
From: "Hans Nilsson" <hasse_gg@xxxxxxxx>
Date: Tue, 21 Nov 2006 09:07:56 -1100
I know there's a program called SSLDump, maybe that could be used? http://www.rtfm.com/ssldump/ On Tue, 21 Nov 2006 10:22:38 -0500, "Kenneth Hunt" <kenneth.hunt.b@xxxxxxxxx> said: > OK... I worked on this yesterday, and I think the answer involves > text2pcap which can read in hex dumps of packets... my theory is that > decoding the packets and saving them in the interim format means I can > pull them back in. decoded... anyone else think this is possible? > > Can anyone confirm this is the right approach? I think I'm missing the > correct switches on the commandline when writing the packets to a file: > > tshark -x -r rsasnakeoil2.cap -o "ssl.keys_list: > 127.0.0.1,443,http,./rsasnakeoil2.key" -o "ssl.debug_file: > ./ssldebug.txt" > -w out.cap > > all I get is the encoded packet stream in the .cap file. > > Kenneth Hunt > Bayer Corporate and Business Services LLC > North America Information Technology > IS Analyst > http://www.linkedin.com/in/kennethhunt > > > > > "deepali goel" <deepaligoel2003@xxxxxxxxx> > Sent by: wireshark-users-bounces@xxxxxxxxxxxxx > 11/20/2006 11:45 PM > Please respond to > Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx> > > > To > "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx> > cc > > Subject > Re: [Wireshark-users] saving decoded ssl packets back to libpcap format > > > > > > > i know the contents of my packet but cant see the packet flowing in the > traffic captured?? > > On 11/21/06, Kenneth Hunt <kenneth.hunt.b@xxxxxxxxx> wrote: > > I can open the sample file snakeoil2.tgz in the wiki: > http://wiki.wireshark.org/SSL > > Is it possible to save the decoded packets back to libpcap format so I > can > reopen it with out the SSL settings? > I am using 127.0.0.1,443,http,c:\rsasnakeoil2.key with the private key in > the root of my c drive. > > > > > Kenneth Hunt > Bayer Corporate and Business Services LLC > North America Information Technology > IS Analyst > > > > The information contained in this e-mail is for the exclusive use of the > intended recipient(s) and may be confidential, proprietary, and/or > legally > privileged. Inadvertent disclosure of this message does not constitute a > waiver of any privilege. If you receive this message in error, please do > not directly or indirectly use, print, copy, forward, or disclose any > part > of this message. Please also delete this e-mail and all copies and > notify > the sender. Thank you. > > For alternate languages please go to http://bayerdisclaimer.bayerweb.com > > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > http://www.wireshark.org/mailman/listinfo/wireshark-users > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > http://www.wireshark.org/mailman/listinfo/wireshark-users > -- Hans Nilsson hasse_gg@xxxxxxxx -- http://www.fastmail.fm - Access all of your messages and folders wherever you are
- References:
- Re: [Wireshark-users] saving decoded ssl packets back to libpcap format
- From: Kenneth Hunt
- Re: [Wireshark-users] saving decoded ssl packets back to libpcap format
- Prev by Date: [Wireshark-users] HASH data output tshark
- Next by Date: Re: [Wireshark-users] (no subject)
- Previous by thread: Re: [Wireshark-users] saving decoded ssl packets back to libpcap format
- Next by thread: Re: [Wireshark-users] saving decoded ssl packets back to libpcap format
- Index(es):
- Get Wireshark
- Download
- Code of Conduct